JavaScript must be enabled in order for you to use Knowledgebase Manager Pro. However, it seems JavaScript is either disabled or not supported by your browser. To use Knowledgebase Manager Pro, enable JavaScript by changing your browser options, then try again.
Learn more.

Introduction

BIND 9.8.7-P1 is a patch release for BIND 9.8 which includes changes to address GCC optimization issues described in ISC Operational Notification https://kb.isc.org/article/AA-01167 as well as patches for a small number of other issues.

This document summarizes features added or significantly changed since the previous major release, BIND 9.8.6. Changes marked with '**' have been added since the previous release, 9.8.7.Please see the CHANGES file in the source code release for a complete list of all changes.

Download

The latest versions of BIND 9 software can always be found on our web site at http://www.isc.org/downloads/.
There you will find additional information about each release, source
code, and pre-compiled versions for Microsoft Windows operating systems.

Security Fixes

Treat an all zero netmask as invalid when generating the localnets acl to work around a bug on the Windows platform. [CVE-2013-6230] [RT #34687]

Fix
crashes when serving some NSEC3 signed zones. memcpy was incorrectly
called with overlapping ranges, resulting in malformed names being
generated on some platforms. This could cause INSIST failures. (CVE
2014-0591) [RT #35120]

Feature Changes

Add the ability to specify ndots to "nslookup". [RT #34711]

Check that EDNS subnet client options are well formed. [RT #34718]

"named" now preserves the capitalization of names when responding to queries. [RT #34737]

The
export-library API call for loading "resolv.conf", irs_resconf_load(),
has been modified to return ISC_R_FILENOTFOUND when the file does not
exist and initializes the resconf structure as if the file had existed
and configured with nameservers at the localhost addresses (127.0.0.1
and ::1). [RT #35194]

Bug Fixes

Don't call qsort with a null pointer and disable GCC 4.9 "delete null pointer check". This fixes problems when using GNU GCC 4.9.0 where its compiler code optimizations may cause crashes in BIND. For more information, see the operational advisory at https://kb.isc.org/article/AA-01167/. [RT #35968] **

Improve Linux portability for libcap support. [RT #35387] **

Fix a bug that prevented the dig, nslookup, and host utilities from exiting properly after completing a UDP query. [RT #35288] **

Treat type 65533 (KEYDATA) as opaque except when used in a key zone. [RT #34238]

Fix
"host" and "nslookup" so don't need dot after the domain by checking
ndots when searching. Only continue searching on NXDOMAIN responses. [RT
#34711]

Fix
a bug which could cause a crash when running "rndc reconfig" or "rndc
reload" after configuration is changed from regular zones to automatic
empty zones. [RT #35177]

Thank You

Thank
you to everyone who assisted us in making this release possible. If you
would like to contribute to ISC to assist us in continuing to make
quality open source software, please visit our donations page at http://www.isc.org/donate/.